Ethereal-users: Re: [Ethereal-users] how to split tcpdump output into streams

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 20 Jan 2006 09:57:44 -0800
Peter Huesser wrote:

Yesterday I had some problems with one of our spamservers. Quite a lot of messages got lost but I have a tcpdump of the whole traffic to the spamserver. I am wondering if it is possible to generate out of this dump the lost emails. Ethereal has the "follow tcp stream" feature which generates the email. Unfortunately everything is interactive! Is it possible to somehow script these things (maybe using other tools)?

On the "tools" page on the Ethereal Wiki:

	http://wiki.ethereal.com/Tools

one tool mentioned is tcpflow:

	http://www.circlemud.org/~jelson/software/tcpflow/

which "captures data transmitted as part of TCP connections (flows), and
stores the data in a way that is convenient for protocol analysis or
debugging".  It might do what you want.
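
The per-flow splitting discussed in this thread, as an added example that is not part of the original message and is not tcpflow's code: a script that reads a saved capture and writes one payload file per TCP direction. The name split_streams is hypothetical; it assumes a classic pcap file (not pcapng), Ethernet framing, and IPv4 without IP fragments or VLAN tags.

```python
import struct, sys
from collections import defaultdict

def split_streams(pcap: bytes) -> dict:
    """Map (src_ip, src_port, dst_ip, dst_port) -> reassembled payload bytes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    base, segs, off = {}, defaultdict(dict), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 packets carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        flow = (".".join(map(str, frame[26:30])), sport,
                ".".join(map(str, frame[30:34])), dport)
        if tcp[13] & 0x02:  # SYN: first data byte is ISN + 1
            base[flow] = (seq + 1) & 0xFFFFFFFF
        data = tcp[(tcp[12] >> 4) * 4:]
        if data:
            # Offset relative to the SYN, or to the first segment seen if no SYN
            rel = (seq - base.setdefault(flow, seq)) & 0xFFFFFFFF
            if len(data) > len(segs[flow].get(rel, b"")):
                segs[flow][rel] = data  # retransmission: keep longest copy
    streams = {}
    for flow, parts in segs.items():
        out = bytearray()
        for rel in sorted(parts):
            if rel > len(out):
                break  # segment missing from the capture: stop at the gap
            out += parts[rel][len(out) - rel:]  # trim overlap with placed data
        streams[flow] = bytes(out)
    return streams

if __name__ == "__main__":  # usage: python split_streams.py capture.pcap
    with open(sys.argv[1], "rb") as fh:
        flows = split_streams(fh.read())
    for (src, sport, dst, dport), payload in flows.items():
        name = f"{src}.{sport}-{dst}.{dport}"
        with open(name, "wb") as out_file:
            out_file.write(payload)
        print(name, len(payload), "bytes")
```

Each output file holds one direction of one connection, so an SMTP session to port 25 yields the client's commands and message body in the file whose destination port is 25.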